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DETAILED ACTION 

1 . Claims 1-32 are presented for examination. Claims 25-30 are withdrawn from 
consideration. 

Claim Rejections - 35 USC §103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that 
the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

3. Claims 1-19 and 31-32 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Haverstock et al (Haverstock), US 2002/0038357, in view of Serbinis et al (Serbinis), US 
6,314,425. 

4. Haverstock and Serbinis were cited in previous office actions. 

5. As per claims 1 and 12, Haverstock taught the invention substantially as claimed 
including a computer-implemented method for controlling access to documents during a 
workflow (pp. 0009, 0012, 0027), comprising: 

a. upon entry of a base document into a workflow (document, pp. 0027-0028); 
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b. selectively providing a user access to the base document (document, pp. 0027- 
0028) depending upon the identity of a user (role-based security with different 
level of access privilege to the document, pp. 0046, 0057, 0060, 0062-0071); 

c. selectively providing access to perform operations on the base document 
depending upon the identity of a user (role-based security with different level of 
access privilege to the document, pp. 0057, 0059-0060, 0066-0071). 

6. Haverstock further taught that access privilege is different for different user identities 
(pp. 0060, 0065-0071) and to provide accesses to perform operations on the accessed document 
of such user identity (pp. 0065-0071). Haverstock did not specifically teach to create a workflow 
working copy of the base document, selectively provide a user access to the workflow working 
copy of the base document and selectively providing access to perform operations on the 
workflow working copy of the base document depending upon the identity of a user. Serbinis 
taught to make a workflow copy of the base document upon entry into a workflow and to enable 
user access to the working copy of the base document depending on the user authorization 
(col. 11, lines 7-16). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Haverstock and Serbinis because Serbinis' s 
teaching of making a workflow copy of the base document and accessing the copy of base 
document enables Haverstock' s system to leave the base document available for access by other 
authorized users (Serbinis, col. 11, lines 7-16). 
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7. As per claim 2, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 1. Haverstock further taught the method to further comprising: 

a. storing access control list data in relation to the base document, the access control 
list data defining access controls on performing operations of the workflow 
working copy of the base document (pp. 0063, 0065-0071); and 

b. storing security descriptor data in relation to the base document and the workflow 
working copy of the base document, the security descriptor data defining access 
controls on reading the base document and the working copy of the base 
document (pp. 0063, 0065-0066, 0069), 

8. As per claims 3-4, Haverstock and Serbinis taught the invention substantially as claimed 
in claim 2. Haverstock further taught that wherein the step of selectively providing access to 
perform operations on the workflow working copy of the base document depending upon the 
identity of a user (pp. 0065-0066), comprises: 

a. determining using the access control list data stored in relation to the base 
document that a user has/does not have permission to perform an operation on the 
workflow working copy of the base document (pp. 0057, 0063, 0065-0066, 0070- 
0071); and 

b. allowing/denying the user to perform the operation on the workflow working 
copy of the base document (pp. 0057, 0066-0067). 
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9. As per claims 5-6, Haverstock and Serbinis taught the invention substantially as claimed 
in claim 2. Haverstock further taught wherein the access control list data comprises information 
identifying for each of a plurality of operations, the set of users that have permission to perform 
the operation, and said act of selectively providing access to perform operations on the workflow 
working copy of the base document depending upon the identity of a user (pp. 0060-0071), 
comprises: 

a. referencing the information identifying for each of a plurality of operations, the 
set of users that have permission to perform the operation (pp. 0062-0063, 0067- 
0071); and 

b. if the user is/is not in the set of users that have permission to perform the 
operation, providing/denying access to the operation (pp. 0057). 

10. As per claim 7, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 5. Haverstock further taught that wherein the set of users are defined in terms of the roles 
that have permission to perform the operation (pp. 0057-0058, 0060, 0065-0066), and said act of 
referencing the information identifying for each of a plurality of operations, the set of users that 
have permission to perform the operation (pp. 0065-0071), comprises: 

a. resolving for the user the set of roles to which the user has been assigned (pp. 
0057-0058); and 

b. determining using the set of roles to which the user has been assigned and the set 
of users defined in terms of the roles that have permission to perform the 
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operation, whether the user has permission to perform the requested operation 
(pp. 0065-0071). 

11. As per claims 8-9, Haverstock and Serbinis taught the invention substantially as claimed 
in claim 2 including the step of selectively providing a user access to the workflow working copy 
of the base document depending upon the identity of a user (pp. 0065-0066, see claims 1-2 
rejection), Haverstock further taught the step to comprise: 

a. determining using the security descriptor data stored in relation to the base 
document and the workflow working copy document, that a user has/does not 
have permission to read the workflow working copy of the base document (pp. 
0057, 0063, 0065-0066, 0070-0071); and 

b. providing/denying the user access to the workflow working copy of the base 
document (pp. 0057). 

12. As per claim 10, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 2. Haverstock further taught wherein the security descriptor data comprises information 
identifying the set of users that have permission to read each of the base document and the 
workflow working copy of the base document (pp. 0057, 0060, 0065-0066), and said act of 
selectively providing access to the workflow working copy of the base documents depending on 
the identity of the user (pp. 0065-0071), comprises: 
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a. referencing the information identifying the set of users that have permission to 
read each of the base document and the workflow working copy of the base 
document (pp. 0069-0071); and 

b. if the user is in the set of users that have permission to read the workflow working 
copy of the base document, providing access to the workflow working copy of the 
base document (pp. 0057, 0069). 

13. As per claim 1 1, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 10. Haverstock further taught wherein the set of users are defined in terms of the roles that 
have permission to read each of the base document and the workflow working copy of the base 
document, and said act of referencing the information identifying the set of users that have 
permission to read each of the base document and the workflow working copy of the base 
document (pp. 0065-0071), comprises: 

a. resolving for the user the set of roles to which the user has been assigned (pp. 
0057); and 

b. determining using the set of roles to which the user has been assigned and the set 
of roles that have permission to read each of the base document and the workflow 
working copy of the base document, whether the user has permission to read the 
base document or the workflow working copy of the base document (pp. 0063, 
0065-0071). 
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14. As per claim 13, Haverstock taught the invention substantially as claimed including a 
system for providing document isolation in a workflow environment (pp. 0009, 0012, 0027- 
0028), comprising: 

a. a processor, wherein said processor is operable to execute instructions for 
performing the following acts (pp. 001 1): 

i. maintaining for a base document undergoing a publishing workflow 
(0027-0028), the base document (pp. 0018, replication, pp. 0025); 

ii. maintaining access control data in relation to the base document (pp. 0063, 
0065-0066); 

iii. upon receipt of a request to access the base document (pp. 0027-0028), 
selectively determining based on the access control data to provide access 
to the base document (role-based security with different level of access 
privilege to the document, pp. 0057, 0065-0071). 

15. Haverstock further taught to maintain access control data in relation to the documents 
(pp. 0063, 0065-0066). Haverstock did not specifically teach to maintain a workflow copy of the 
base document and to selectively determine based on the access control data, to provide access to 
the workflow copy of the base document. Serbinis taught to make a workflow copy of the base 
document and to grant user access to the working copy of the base document depending on the 
user authorization (col. 11, lines 7-16). It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to combine the teachings of Haverstock and Serbinis 
because Serbinis' s teaching of making a workflow copy of the base document and accessing the 



Application/Control Number: 09/607, 1 70 Page 9 

Art Unit: 2154 

workflow copy of base document enables Haverstock's system to leave the base document 
available for access by other authorized users (Serbinis, col.l 1, lines 7-16). 

16. As per claim 14, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 13. Haverstock further taught wherein the access control data comprises security 
descriptor data identifying the set of users that have permission to read the base document and 
the workflow copy of the base document (pp. 0057-0058, 0062-0063, 0065-0071). 

17. As per claim 15, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 14. Haverstock further taught wherein said processor is operable to execute instructions 
for performing the following acts: 

a. referencing the security descriptor data (pp. 0067-0071); and 

b. determining that a user should be directed to the workflow copy of the base 
document based on the security descriptor data (pp. 0057, 0060, 0066-0071). 

18. As per claim 16, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 15. Haverstock further taught wherein the security descriptor data identifies a set of roles 
corresponding to the set of users that have permission to read the base document and the 
workflow copy of the base document, and wherein said processor is operable to execute 
instructions for performing the act of determining the set of roles that a user has been assigned 
(pp. 0057, 0060, 0065-0071). 
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19. As per claim 17, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 13. Haverstock further taught wherein the access control data comprises access control list 
data identifying the set of users that have permission to perform operations on the workflow 
copy of the base document (pp. 0057, 0065-0071). 

20. As per claim 18, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 17. Haverstock further taught wherein said processor is operable to execute instructions 
for performing the following acts: 

a. referencing the access control list data (pp. 0067-0071).; and 

b. determining that a user should be allowed to perform an operation on the 
workflow copy of the base document based on the access control list data (pp. 
0057, 0060, 0066-0071). 

21. As per claim 19, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 18. Haverstock further taught wherein the access control list data identifies a set of roles 
corresponding to the set of users that have permission to perform operations on the workflow 
copy of the base document, and wherein said processor is operable to execute instructions for 
performing the further act of determining the set of roles that a user has been assigned (pp. 0057, 
0060, 0065-0071). 

22. As per claim 31, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 1 . Serbinis further taught to replace the base document with the working workflow 
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document upon exit of the base document from the workflow (coL3, lines 31-35, 57-63, col 10, 
lines 1-5, col.l 1, lines 19-23, 31-35). It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to combme the teachings of Haverstock and Serbinis 
because Serbinis' s teaching of making a workflow copy of the base document and accessing the 
copy of base document enables Haverstock's system to leave the base document available for 
access by other authorized users (Serbinis, col.l 1, lines 7-16). 

23. As per claim 32, Haverstock and Serbinis taught the invention substantially as claimed in 
claim 13. Serbinis further taught that upon exit of the base document from the workflow 
replacing the base document with the workflow copy of the base document (coL3, Hnes 31-35, 
57-63, col 10, lines 1-5, col.l 1, lines 19-23, 31-35). It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to combine the teachings of 
Haverstock and Serbinis because Serbinis' s teaching of making a workflow copy of the base 
document and accessing the copy of base document enables Haverstock's system to leave the 
base document available for access by other authorized users (Serbinis, col, 1 1, lines 7-16). 

24. Claims 20 and 22-24 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Haverstock, US 2002/0038357, in view of Serbinis, US 6,314,425, and Sudama et al (Sudama), 
US 5,555,375. 



25. 



Haverstock and Sudama were cited in previous office actions. 
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26. As per claim 20, Haverstock taught the invention substantially as claimed including a 
method for controlling access to operations that may be performed on a document (pp. 0057, 
0060, 0065-0071), comprising: 

a. Workflow processes (pp. 0027-0028) 

b. Receiving a request to create a new operation that may be performed on the 
documents (role-based security with different level of access privilege to the 
document, pp. 0057, 0060, access privilege changed, 0065-0071); 

c. Updating the access control list to include entries (pp. 0060-0066). 

27. Haverstock further taught to update access controls to reflect the addition of a new 
operation (pp. 0060, access privilege changed) that may be performed on documents (role-based 
security with different level of access privilege to the document, pp. 0057, 0060, 0065-0071). 

28. Haverstock did not specifically teach the method to comprise: creating a workflow copy 
of the base document, assigning a unique identifier to the new operation; updating the access 
control list to include an entry for the unique identifier for the new operation nor to include an 
entry identifying the roles that have access to the new operation . Serbinis taught to make a 
workflow copy of the base document and to grant user access to the working copy of the base 
document depending on the user authorization upon creation of a workflow (col.l 1, lines 7-16). 
It would have been obvious to one of ordinary skill in the art at the time the invention was made 
to combine the teachings of Haverstock and Serbinis because Serbinis' s teaching of making a 
workflow copy of the base document and accessing the workflow copy of base document enables 
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Haverstock's system to leave the base document available for access by other authorized users 
(Serbinis, col. 1 1, lines 7-16). 

29. Haverstock and Serbinis did not specifically teach the method to comprise: assigning a 
unique identifier to the new operation; updating the access control hst to include an entry for the 
unique identifier for the new operation nor to include an entry identifying the roles that have 
access to the new operation . Sudama taught to assign unique identifier to operations (col. 5, lines 
33-37, col. 8, lines 55-57) for management purpose. It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to combine the teachings of 
Haverstock, Serbinis and Sudama because Sudama' s teaching of assigning unique identifiers to 
operations to provide management benefits enables Haverstock and Serbinis' method to manage 
and keep track of the types of operations performed on the documents using the identifiers. It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
also provide unique identification to new operations in Haverstock, Serbinis and Sudama' s 
system in order to manage the new operations performed on the documents. 

30. Haverstock, Serbinis and Sudama did not specifically teach the method to comprise 
updating the access control list to include an entry for the unique identifier for the new operation 
or to include an entry identifying the roles that have access to the new operation . However, in 
order to add the new operation and enable the roles to have access to the new operation, the 
access control list must be updated so the authentication to the existing users is valid with the 
new operation since the access control list is in correspondence with the operations and user 
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roles. It is an essential step to include entries of such new operations and roles with authorities 
to such new operations to be entered into the control access list, whether the step is done 
manually or automatically, that cannot be skipped. It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to recognize that once a new 
operation is introduce in Haverstock, Serbinis and Sudama's method, the access control list must 
be edited to provide up to date authentication to provide existing users, that have the privilege, to 
execute the new operation. 

31. As per claim 22, Haverstock, Serbinis and Sudama taught the invention substantially as 
claimed in claim 20. Haverstock further taught wherein the workflow is a publishing workflow 
and the new operation is at least one of the following: review and approve (pp. 0027-0028). 

32. As per claim 23, Haverstock, Serbinis and Sudama taught the invention substantially as 
claimed in claim 20. Haverstock further comprising: 

a. Receiving a request to perform the new operation on the workflow copy of the 
base document (role-based security with different level of access privilege to the 
document, pp. 0057, 0060, 0065-0071); 

b. Determining using the access control list whether to allow access to the new 
operation (pp. 0057-0058, 0062-0063). 

33 . As per claim 24, Haverstock, Serbinis and Sudama taught the invention substantially as 
claimed in claim 23. Haverstock further taught wherein determining using the access control list 
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whether to allow access to the new operation comprises comparing a user's roles with the roles 
identified in the access control list as having access to the new operation (pp. 0057-0058, 0062- 
0063). 

34. Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over Haverstock, 
Serbinis and Sudama as applied to claim 20 above, and further in view of Barkley, US 
6,088,679. 

35. Barkley was cited in the last office action. 

36. As per claim 21, Haverstock, Serbinis and Sudama taught the invention substantially as 
claimed in claim 20, Haverstock, Serbinis and Sudama did not specifically teach to update the 
access control list to change roles that have access to the new operation in response to a change 
from a first state to a second state by the workflow copy of the document in the workflow. 
Barkley taught o update the access control list to change roles that have access to the new 
operation in response to a change in the state occupied by the workflow copy of the document in 
the workflow (col. 6, lines 23-27, 34-39, 42-65). It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to combine the teachings of Haverstock, 
Serbinis, Sudama and Barkley because Barkley' s teaching of changing roles in response to a 
change in the state of the workflow help Haverstock, Serbinis and Sudama' s system to create 
unique role for each activity in the workflow (col. 6, lines 44-47, 64-65). 
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37. Applicant's arguments filed 10/17/2004 have been fully considered but they are not 
persuasive. 

38. In the remark, applicant argued that (1) Neither Haverstock nor Serbinis et al taught the 
limitation of upon entry of a document into workflow, creating a workflow copy of the base 
document. The cited portion of Serbinis does not teach upon entry of a document into a 
workflow, creating a workflow working copy of the base document (see remark, page 13, line 25 
to page 14, line 10). (2) Haverstock, Serbinis et al, and Sudama et al do not teach the limitation 
of upon creation of a workflow, creating a workflow copy of a base document, and 
receiving a request to create a new operation that may be performed on the workflow copy 
of the base document (see remark, page 15, line 3-12). 

39. Examiner traverse the argument: 

As to point (1), Serbinis taught to make a workflow copy of the base document upon entry into a 
workflow and to enable user access to the working copy of the base document depending on the 
user authorization (col. 11, lines 7-16). Serbinis taught in column 1 1, lines 7-16 that a user can 
"get" a copy of the document (e.g., creation of a workflow working copy of the base document). 
A "get" request is different from a "check-out" request. Both "get" request and "check-out" 
request in Serbinis' reference prompt to begin the workflow process by first creating and 
providing the requester a working copy of the original document. This read on the claimed 
limitation of upon entry of a document into workflow (e.g., Receiving a "get" request to 
request the base document for processing; prompting the start of the workflow), creating a 
workflow copy of the base document (e.g., providing the requester a copy of the document). 
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Serbinis further taught that the user can download the document (col. 11, lines 7-16) where 
"download" by definition is to transfer a copy of the original file fi'om storage to the requester. It 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
combine the teachings of Haverstock and Serbinis because Serbinis 's teaching of making a 
workflow copy of the base document and accessing the copy of base document enables 
Haverstock' s system to leave the base document available for access by other authorized users 
(Serbinis, col. 11, lines 7-16). 

As to point (2), Serbinis taught to make a workflow copy of the base document upon entry into a 
workflow and to enable user access to the working copy of the base document depending on the 
user authorization (col. 11, lines 7-16). Serbinis taught in column 11, lines 7-16 that a user can 
"get" a copy of the document (e.g., creation of a workflow working copy of the base document). 
A "get" request is different from a "check-out" request. Both "get" request and "check-out" 
request in Serbinis' reference prompt to begin the workflow process by first creating and 
providing the requester a working copy of the original document. This read on the claimed 
limitation of upon creation of a workflow (e.g., Receiving a "get" request to request the base 
document for processing; prompting the start of the workflow), creating a workflow copy of a 
base document (e.g., providing the requester a copy of the document). Serbinis further taught 
that the user can download (col. 1 1, hnes 7-16) and modify the document if the user is authorized 
(col. 10, lines 27-30, col.l 1, lines 7-16), This read on the claimed limitation of receiving a 
request to create a new operation that may be performed on the workflow copy of the base 
document (e.g., modification). It would have been obvious to one of ordinary skill in the art at 
the time the invention was made to combine the teachings of Haverstock and Serbinis because 
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Serbinis's teaching of making a workflow copy of the base document and accessing the copy of 
base document enables Haverstock's system to leave the base document available for access by 
other authorized users (Serbinis, col.l 1, lines 7-16). 

Conclusion 

40. The prior art made of record and not reUed upon is considered pertinent to applicant's 
disclosure. 

Gill et al, US 6,052,514, disclosed check-out and check-in functions. 

41 . Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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42. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kenny Lin whose telephone number is (571) 272-3968. The 
examiner can normally be reached on 8 AM to 5 PM Tue.-Fri. and every other Monday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John FoUansbee can be reached on (571) 272-3964. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
AppHcation Information Retrieval (PAIR) system. Status information for pubhshed applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




